You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

I've been trying to help a friend "fix" a PC (Macys.com redirects to various "porn-type" links) - and cannot seem to eliminate the source of this problem. I have run the standards (SpyBot/AVG/Ad-Aware/Trend/Bit Defender/Trend Housecall) and while each has located and repaired/quarantined/removed - the problem is still there.

C:\Explorer.exe: not presentC:\WINDOWS\Explorer\Explorer.exe: not presentC:\WINDOWS\System\Explorer.exe: not presentC:\WINDOWS\System32\Explorer.exe: not presentC:\WINDOWS\Command\Explorer.exe: not presentC:\WINDOWS\Fonts\Explorer.exe: not present

Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

BC AdBot (Login to Remove)

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available.A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and that you don't miss out any steps.If you have any queries about the process or just general questions, just ask.

I think we should run AVG antispyware in safe mode and see what we find.There is a higher deletion sucess rate in safe mode.

Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.

Now reboot into Safe Mode.This can be done tapping the F8 key as soon as you start your computer You will be brought to a menu where you can choose to boot into safe mode. Make sure you choose the option without networking support.

Open AVG again and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine.Click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. Ewido will list any infections found on the left hand side.

When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).Close AVG antispyware and reboot!! Please post the log in your next reply.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!

Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .Double-click the Network Connections icon. Right-click the Local Area Connection icon and select Properties.Hilight Internet Protocol (TCP/IP) and click the Properties button.Be sure Obtain DNS server address automatically is selected.OK your way out. Go to Start > Run and type in cmd Click OK.This will open a commad prompt.Type or copy and paste the following line in the command window:ipconfig /flushdns

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

I suspect that in your original directions you wanted to see if safe mode AVG scan cleared NameServer = 85.255.114.22,85.255.112.102 instances - and to allow me to run the HJT fix before proceeding with DNS flush and Fixwareout.

Ok, the log off of this account looks fine, we have a few things to do.

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 5.0 Update 9). Please update and remove the older versions. Do the following:Go to Start | Control Panel | Add/Remove ProgramsSearch in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )It should have this icon next to it: Select it and click Remove.Then download and install the newest version from here:Java Runtime Environment (JRE) 5.0 Update 9

Download and save Blacklight to your desktop.Double-click blbeta.exe then accept the agreement.Click on scan then click next,You'll see a list of all items found.Do not choose for rename yet! I want to see the log first; legitimate items can also be present.There is a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)Post the contents of the log in your next reply.

There are a few steps I want you to complete to try and resolve the slow down on the computer.A whole host of reasons might account for this slow down, but I will highlight the most prominent ones below.On most computers malware is the most common cause, but at the moment I do not think this is the case.You might like to limit the programs that are loading when your computer starts, you might have unneccessary software loading whn you boot your computer which is eating away at your CPU and ultimatley slowing down your computer. Many programs install a quick launch feature which is not needed; if you want to use the program you can start it up manually. The easiest way to see whether a program is needed at startup, you can use bleeping computer's own list, which gives an indication of whether the program is required/optional etc. Note that essential processes such as those for your anti-virus or your modem must be kept.So, firstly click on start, then run and type msconfig. Then hit enter.Click on the startup tab and a list of programs will appear.You can compare the startup name with those on the startup list., link is below:www.bleepingcomputer.com/startups

To stop a program loading at boot just remove the tick.Click "Ok", and choose to restart.

You might like to try and clear clutter off your computer, and free up some space on your harddrive.Old games, unwanted photos and unused programs could be a starting point.You can also clear clutter such as temprary files by doing the following:Go to start and click on the "run" button.Type the following in the box --> cleanmgr and click ok.Let it scan your system for files to remove.Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.Press OK to remove them.

Next you can defragment your hard-drive...when was the last time you did this?Windows puts new files in any available open space and defragging will cluster files closer together making your harddrive more efficient.This saves wear and tear while speeding up programs. 1. Open My Computer. 2. Right-click the local disk volume that you want to defragment, and then click Properties. 3. On the Tools tab, click Defragment Now. 4. Click Defragment. 5. This process takes quite a long time, so be patient.

You might also like to read the following tutorial as additional infomation to the above:These selfhelp instructions can be found here

Oh yeh and also try running the Windows repair facility:Go to Start...Run...and type in "sfc.exe /scannow" (without the quotes) and press Enter. It may ask for your XP Installation CD. Once it's done, please visit Windows Update to ensure that you've got the latest hotfixes and updates (sfc.exe replaces system files when it runs).

I know he recently ran defrag - in the last week, and I plan to spend some time there tomorrow so I'll check his start up and run cleanmgr.

Something I suspect is causing trouble is OSA and FindFast - however his slow response went from a little slow (before we "fixed" the hijack) to "I'm about to throw this out the window" slow, so, I'm not sure I'm on the right track but will try a few things before I breakout the repair.